Well, you said it yourself. It's bulletproof. No way around that. And they left select unfiltered, which is good... for... admins. You know, because they may need to select something from another non-filtered source, such as information_schema. But that's just taking a guess at the database they're using, based solely on the things they did choose to filter.

EDIT

WTF? I swear that wasn't filtered a second ago. Eyes are playing tricks on me. Just have to resort to more nefarious methods of circumventing that security, such as disabling JavaScript or something.